[Devel] Database access

Daniel-Constantin Mierla daniel at voice-system.ro
Mon Feb 5 10:16:53 CET 2007


If R/W password is not set in the rc file then it should be prompted 
for. It is no need to have it written in plain form in the file. That 
was the reason for having two.

Cheers,
Daniel


On 02/05/07 09:05, Dan Pascu wrote:
> Currently we have both R/O and R/W username/password pairs for database 
> access in openserctl and the database creation scripts.
>
> I want to propose to reduce these to a single username/password setting 
> with full database access. I do not know the reasoning behind having both 
> R/O and R/W access, but if that was based on security concerns, the 
> current implementation does not address those concerns. Considering that 
> both the R/O and the R/W passwords are in the same configuration file, 
> anyone who can access that file (that is anyone who can use the tool) can 
> see both. Considering this, the R/O username/password is superfluous as 
> the R/W pair can be used for all operations and this would simplify the 
> configuration a lot.
>
>   



More information about the Devel mailing list